[PATCH] pdb_ldap: Use lp_ldap_group_suffix
Michael Adam
obnox at samba.org
Mon Jul 9 15:20:00 MDT 2012
Hi Christof,
Christof Schmitt wrote:
> The current code in pdb_ldap uses the generic ldap_suffix for all
> queries on the LDAP server. With this approach, the LDAP server
> has to look at all user, machine and group records for all
> queries. The attached patch changes the group queries to use the
> lp_ldap_group_suffix instead.
>
> I tried to also do the same for user and machine records, but
> user and machine records can use different suffixes and there is
> no easy way to distinguish between them. Querying both suffixes,
> user and machine, would defeat the goal of reducing the load on
> the LDAP server, so this patch only uses the group suffix.
Well, this is essentially the revert of
91a8cb851e1919a337310e2c699d8fcf76a55060:
"Fix bug #6431 - local groups from 3.0 setups no longer found."
(Search for groups without group suffix, group suffix is only
used for new entries.)
https://bugzilla.samba.org/show_bug.cgi?id=6431
So we can't simply revert that if we still want to
support older installations.
We could force the use of some form of "upgrade-provision" for
older installations.
Or we could add another option that triggers this use of the
group suffix.
More options? What do others think?
Best, Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120709/96e53df5/attachment.pgp>
More information about the samba-technical
mailing list